Diffstat (limited to 'security')
-rw-r--r-- | security/pam-pgsql/Makefile | 7 | ||||
-rw-r--r-- | security/pam-pgsql/files/Makefile.bsd | 2 | ||||
-rw-r--r-- | security/pam-pgsql/files/patch-pam_get_pass.c | 73 | ||||
-rw-r--r-- | security/pam-pgsql/files/patch-pam_pgsql.c | 287 |
4 files changed, 365 insertions, 4 deletions
diff --git a/security/pam-pgsql/Makefile b/security/pam-pgsql/Makefile
index b1ad4fefacc2..b2ebf2778fb5 100644
--- a/security/pam-pgsql/Makefile
+++ b/security/pam-pgsql/Makefile
@@ -7,16 +7,17 @@
 PORTNAME= pam-pgsql
 PORTVERSION= 0.5.2
-PORTREVISION= 5
+PORTREVISION= 6
 CATEGORIES= security databases
 MASTER_SITES= ${MASTER_SITE_DEBIAN} \
 http://libpam-pgsql.codecastle.com/${PORTNAME}-${PORTVERSION}-${PORTREVISION}/
 MASTER_SITE_SUBDIR= pool/non-US/main/p/pam-pgsql
 DISTFILES= ${PORTNAME}_${PORTVERSION}.orig${EXTRACT_SUFX}
-PATCHFILES= pam-pgsql_0.5.2-${PORTREVISION}.diff.gz
+
+PATCHFILES= pam-pgsql_${PORTVERSION}-5.diff.gz
 PATCH_SITES= ${MASTER_SITES}
-MAINTAINER= andrey@mgul.ac.ru
+MAINTAINER= m@absolight.fr
 LIB_DEPENDS= pq:${PORTSDIR}/databases/postgresql7
diff --git a/security/pam-pgsql/files/Makefile.bsd b/security/pam-pgsql/files/Makefile.bsd
index 3a6aef7d9c65..410e5e0aef1a 100644
--- a/security/pam-pgsql/files/Makefile.bsd
+++ b/security/pam-pgsql/files/Makefile.bsd
@@ -2,7 +2,7 @@
 .PATH: ${FILESDIR}
-SRCS= pam_pgsql.c pam_get_pass.c pam_std_option.c pam_get_service.c
+SRCS= pam_pgsql.c pam_get_pass.c
 SHLIB_NAME= pam_pgsql.so
 LDADD= -lpam -L${LOCALBASE}/lib -lpq -lmd
diff --git a/security/pam-pgsql/files/patch-pam_get_pass.c b/security/pam-pgsql/files/patch-pam_get_pass.c
new file mode 100644
index 000000000000..55395c9158bd
--- /dev/null
+++ b/security/pam-pgsql/files/patch-pam_get_pass.c
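Review bot: PATCHFILES is now pinned to the Debian revision (`pam-pgsql_${PORTVERSION}-5.diff.gz`) while the codecastle entry in MASTER_SITES, a context line of the same hunk, still derives its directory from `${PORTREVISION}`, which this commit bumps to 6, so that mirror path presumably no longer matches the revision of the diff being fetched. Either pin that directory to the same Debian revision or drop `${PORTREVISION}` from it. A one-line comment above PATCHFILES saying that the `-5` is the upstream Debian packaging revision, not the port revision, would keep the next PORTREVISION bump from reintroducing the coupling.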
@@ -0,0 +1,73 @@
+--- pam_get_pass.c.orig Mon Jan 14 17:45:55 2002
++++ pam_get_pass.c Tue Aug 13 18:31:56 2002
+@@ -33,70 +33,7 @@
+ /* $Id: pam_get_pass.c,v 1.2 2000/06/25 09:39:28 ljb Exp $ */
+ #include <stdlib.h>
+ #include <security/pam_modules.h>
+-#include "pam_mod_misc.h"
+-
+-static int pam_conv_pass(pam_handle_t *, const char *, int);
+-
+-static int
+-pam_conv_pass(pam_handle_t *pamh, const char *prompt, int options)
+-{
+- int retval;
+- const void *item;
+- const struct pam_conv *conv;
+- struct pam_message msg;
+- const struct pam_message *msgs[1];
+- struct pam_response *resp;
+-
+- if ((retval = pam_get_item(pamh, PAM_CONV, &item)) !=
+- PAM_SUCCESS)
+- return retval;
+- conv = (const struct pam_conv *)item;
+- msg.msg_style = options & PAM_OPT_ECHO_PASS ?
+- PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
+- msg.msg = prompt;
+- msgs[0] = &msg;
+- if ((retval = conv->conv(1, msgs, &resp, conv->appdata_ptr)) !=
+- PAM_SUCCESS)
+- return retval;
+- if ((retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp)) !=
+- PAM_SUCCESS)
+- return retval;
+- memset(resp[0].resp, 0, strlen(resp[0].resp));
+- free(resp[0].resp);
+- free(resp);
+- return PAM_SUCCESS;
+-}
+-
+-int
+-pam_get_pass(pam_handle_t *pamh, const char **passp, const char *prompt,
+- int options)
+-{
+- int retval;
+- const void *item = NULL;
+-
+- /*
+- * Grab the already-entered password if we might want to use it.
+- */
+- if (options & (PAM_OPT_TRY_FIRST_PASS | PAM_OPT_USE_FIRST_PASS)) {
+- if ((retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) !=
+- PAM_SUCCESS)
+- return retval;
+- }
+-
+- if (item == NULL) {
+- /* The user hasn't entered a password yet. */
+- if (options & PAM_OPT_USE_FIRST_PASS)
+- return PAM_AUTH_ERR;
+- /* Use the conversation function to get a password. */
+- if ((retval = pam_conv_pass(pamh, prompt, options)) !=
+- PAM_SUCCESS ||
+- (retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) !=
+- PAM_SUCCESS)
+- return retval;
+- }
+- *passp = (const char *)item;
+- return PAM_SUCCESS;
+-}
++#include <security/pam_mod_misc.h>
+ 
+ int
diff --git a/security/pam-pgsql/files/patch-pam_pgsql.c b/security/pam-pgsql/files/patch-pam_pgsql.c
new file mode 100644
index 000000000000..a85c00f28617
--- /dev/null
+++ b/security/pam-pgsql/files/patch-pam_pgsql.c
@@ -0,0 +1,287 @@
+--- pam_pgsql.c.orig Tue Aug 13 18:31:40 2002
++++ pam_pgsql.c Tue Aug 13 18:33:05 2002
+@@ -23,7 +23,7 @@
+ #define PAM_SM_ACCOUNT
+ #define PAM_SM_PASSWORD
+ #include <security/pam_modules.h>
+-#include "pam_mod_misc.h"
++#include <security/pam_mod_misc.h>
+ 
+ #define PASSWORD_PROMPT "Password: "
+ #define PASSWORD_PROMPT_NEW "New password: "
+@@ -31,16 +31,15 @@
+ #define CONF "/etc/pam_pgsql.conf"
+ 
+ #define DBGLOG(x...) if(options->debug) { \
+- openlog("PAM_pgsql", LOG_PID, LOG_AUTH); \
+ syslog(LOG_DEBUG, ##x); \
+- closelog(); \
+ }
+ #define SYSLOG(x...) do { \
+- openlog("PAM_pgsql", LOG_PID, LOG_AUTH); \
+ syslog(LOG_INFO, ##x); \
+- closelog(); \
+ } while(0);
+ 
++int pam_get_confirm_pass(pam_handle_t *, const char **, const char *, const char *, int);
++
++
+ typedef enum {
+ PW_CLEAR = 1,
+ PW_MD5,
+@@ -61,32 +60,36 @@
+ int debug;
+ };
+ 
+-/* private: parse and set the specified string option */
+-static void
+-set_module_option(const char *option, struct module_options *options)
+-{
+- char *buf, *eq;
+- char *val, *end;
+-
+- if(!option || !*option)
+- return;
++enum {
++ PAM_DATABASE = PAM_OPT_STD_MAX,
++ PAM_TABLE,
++ PAM_DB_HOST,
++ PAM_DB_USER,
++ PAM_DB_PASSWORD,
++ PAM_USER_COLUMN,
++ PAM_PWD_COLUMN,
++ PAM_EXPIRED_COLUMN,
++ PAM_NEWTOK_COLUMN,
++ PAM_PW_TYPE
++};
+ 
+- buf = strdup(option);
++static struct opttab other_options[] = {
++ {"database", PAM_DATABASE},
++ {"table", PAM_TABLE},
++ {"host", PAM_DB_HOST},
++ {"user", PAM_DB_USER},
++ {"password", PAM_DB_PASSWORD},
++ {"user_column", PAM_USER_COLUMN},
++ {"pwd_column", PAM_PWD_COLUMN},
++ {"expired_column", PAM_EXPIRED_COLUMN},
++ {"newtok_column", PAM_NEWTOK_COLUMN},
++ {"pw_type", PAM_PW_TYPE},
++ {NULL, 0}
++};
+ 
+- if((eq = strchr(buf, '='))) {
+- end = eq - 1;
+- val = eq + 1;
+- if(end <= buf || !*val)
+- return;
+- while(end > buf && isspace(*end))
+- end--;
+- end++;
+- *end = '\0';
+- while(*val && isspace(*val))
+- val++;
+- } else {
+- val = NULL;
+- }
++/* set the specified string option */
++static void
++set_option_val(struct module_options * options, const char * buf, char * val) {
+ 
+ DBGLOG("setting option: %s=>%s\n", buf, val);
+ 
+@@ -118,17 +121,48 @@
+ } else if(!strcmp(buf, "debug")) {
+ options->debug = 1;
+ }
++}
++
++/* private: parse the specified string option */
++static void
++set_module_option(const char *option, struct module_options *options)
++{
++ char *buf, *eq;
++ char *val, *end;
++
++ if(!option || !*option)
++ return;
++
++ buf = strdup(option);
++
++ if((eq = strchr(buf, '='))) {
++ end = eq - 1;
++ val = eq + 1;
++ if(end <= buf || !*val)
++ return;
++ while(end > buf && isspace(*end))
++ end--;
++ end++;
++ *end = '\0';
++ while(*val && isspace(*val))
++ val++;
++ } else {
++ val = NULL;
++ }
++
++ set_option_val(options, buf, val);
+ 
+ free(buf);
+ }
+ 
+ /* private: read module options from file or commandline */
+ static int
+-get_module_options(int argc, const char **argv, struct module_options **options)
++get_module_options(int argc, const char **argv, struct module_options **options, struct options * pam_options)
+ {
+ int i, rc;
+ FILE *fp;
+ struct module_options *opts;
++ char *c;
+ 
+ opts = (struct module_options *)malloc(sizeof *opts);
+ bzero(opts, sizeof(*opts));
+@@ -154,11 +188,11 @@
+ fclose(fp);
+ }
+ 
+- for(i = 0; i < argc; i++) {
+- if(pam_std_option(&rc, argv[i]) == 0)
+- continue;
+- set_module_option(argv[i], opts);
++ for(i = PAM_OPT_STD_MAX; i <= PAM_PW_TYPE; i++) {
++ if (pam_test_option(pam_options, i, &c))
++ set_option_val(opts, other_options[i - PAM_OPT_STD_MAX].name, c);
+ }
++
+ *options = opts;
+ 
+ return rc;
+@@ -257,7 +291,7 @@
+ free(conn_str);
+ 
+ if(PQstatus(conn) != CONNECTION_OK) {
+- SYSLOG("PostgreSQL connection failed: '%s'", PQerrorMessage(conn));
++ SYSLOG("PostgreSQL connection failed: '%s' '%s'", PQerrorMessage(conn), conn_str);
+ return NULL;
+ }
+ 
+@@ -412,7 +446,6 @@
+ user_s = malloc(ulen);
+ 
+ sqlescape(user, user_s, strlen(user));
+-DBGLOG(user_s);
+ 
+ DBGLOG("query: SELECT %s FROM %s WHERE %s='%s'", options->pwd_column, options->table, options->user_column, user);
+ if(pg_exec(options, conn, &res, "SELECT %s FROM %s WHERE %s='%s'",
+@@ -463,13 +496,17 @@
+ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ {
+ struct module_options *options;
++ struct options pam_options;
+ const char *user, *password;
+ int rc, std_flags;
+ 
+ if((rc = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+ return rc;
+ 
+- std_flags = get_module_options(argc, argv, &options);
++ pam_std_option(&pam_options, other_options, argc, argv);
++
++ std_flags = get_module_options(argc, argv, &options, &pam_options);
++
+ if(options_valid(options) != 0) {
+ free_module_options(options);
+ return PAM_AUTH_ERR;
+@@ -477,18 +514,19 @@
+ 
+ DBGLOG("attempting to authenticate: %s", user);
+ 
+- if((rc = pam_get_pass(pamh, &password, PASSWORD_PROMPT, std_flags)
++ if((rc = pam_get_pass(pamh, &password, PASSWORD_PROMPT, &pam_options)
+ != PAM_SUCCESS)) {
+ free_module_options(options);
+ return rc;
+ }
++ DBGLOG("received : user: '%s', pass: '%s'", user, password);
+ 
+ if((rc = auth_verify_password(user, password, options)) != PAM_SUCCESS) {
+ free_module_options(options);
+ return rc;
+ }
+ 
+- SYSLOG("(%s) user %s authenticated.", pam_get_service(pamh), user);
++ SYSLOG("user %s authenticated.", user);
+ free_module_options(options);
+ 
+ return PAM_SUCCESS;
+@@ -500,13 +538,16 @@
+ const char **argv)
+ {
+ struct module_options *options;
++ struct options pam_options;
+ const char *user;
+ char *user_s;
+ int rc, ulen;
+ PGconn *conn;
+ PGresult *res;
+ 
+- get_module_options(argc, argv, &options);
++ pam_std_option(&pam_options, other_options, argc, argv);
++
++ get_module_options(argc, argv, &options, &pam_options);
+ if(options_valid(options) != 0) {
+ free_module_options(options);
+ return PAM_AUTH_ERR;
+@@ -590,13 +631,16 @@
+ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ {
+ struct module_options *options;
++ struct options pam_options;
+ int rc, std_flags, ulen;
+ const char *user, *pass, *newpass;
+ char *newpass_crypt, *user_s;
+ PGconn *conn;
+ PGresult *res;
+ 
+- std_flags = get_module_options(argc, argv, &options);
++ pam_std_option(&pam_options, other_options, argc, argv);
++
++ std_flags = get_module_options(argc, argv, &options, &pam_options);
+ if(options_valid(options) != 0) {
+ free_module_options(options);
+ return PAM_AUTH_ERR;
+@@ -614,7 +658,7 @@
+ 
+ if(flags & PAM_PRELIM_CHECK) {
+ /* at this point, this is the first time we get called */
+- if((rc = pam_get_pass(pamh, &pass, PASSWORD_PROMPT, std_flags)) == PAM_SUCCESS) {
++ if((rc = pam_get_pass(pamh, &pass, PASSWORD_PROMPT, &pam_options)) == PAM_SUCCESS) {
+ if((rc = auth_verify_password(user, pass, options)) == PAM_SUCCESS) {
+ rc = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *)pass);
+ if(rc != PAM_SUCCESS) {
+@@ -640,7 +684,7 @@
+ }
+ rc = auth_verify_password(user, pass, options);
+ if(rc != PAM_SUCCESS) {
+- SYSLOG("(%s) user '%s' not authenticated.", pam_get_service(pamh), user);
++ SYSLOG("user '%s' not authenticated.", user);
+ free_module_options(options);
+ return rc;
+ }
+@@ -698,7 +742,7 @@
+ 
+ free_module_options(options);
+ free(user_s);
+- SYSLOG("(%s) password for '%s' was changed.", pam_get_service(pamh), user);
++ SYSLOG("password for '%s' was changed.", user);
+ return PAM_SUCCESS;
+ }
+ 
+@@ -707,4 +751,6 @@
+ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ {
+ return PAM_SUCCESS;
+-}
++}
++
++PAM_MODULE_ENTRY("pam_pgsql");
|
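Review bot: The new `DBGLOG("received : user: '%s', pass: '%s'", user, password);` in pam_sm_authenticate writes the user's cleartext password to syslog whenever the `debug` option is set, so it should be reduced to `DBGLOG("received : user: '%s'", user);`. The changed SYSLOG in the connection-failure path reads `conn_str` a few lines after the context line `free(conn_str);`, which is a use-after-free, and since conn_str is presumably assembled from the configured database credentials it would also push the DB password into the auth log; log `PQerrorMessage(conn)` only, or move the `free` below the status check and keep the password out of the message. In get_module_options the rewritten loop no longer writes `rc` (the removed `pam_std_option(&rc, …)` was the only writer visible in the hunk), so `return rc;` may return an indeterminate value unless it is assigned in the part of the function outside the hunk; `int i, rc = 0;` makes it safe either way. Dropping `openlog("PAM_pgsql", …)` from both macros and `pam_get_service(pamh)` from the SYSLOG messages removes the module tag and the PAM service name from every auth-log line, which makes these events harder to attribute and filter; consider keeping a module ident (for example a `PAM_pgsql:` prefix in the format strings) and the service name in the messages.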